A typical Virtual Private Network (“VPN”) connects client devices to a particular tunnel end point within a private or internal network and from this end point provides general access to the resources available within that network. For example, VPN networks typically provide a single tunnel end point per client device. This end point may be configured when the VPN connection is initially opened. Once the tunnel between the internal network and the client device has been successfully connected, the client device may access the internal network's resources (data, applications, etc.) a an internal view of any split domain name server (“DNS”).
These VPN connections may be somewhat limited in that they require the VPN to be connected prior to accessing the resources or data hosted within the internal network. In some examples, the user may experience various failures such as when a DNS name resolution results in a negative result (NXDOMAIN) because the name is not made known on that side of the split DNS and the application reports “host unreachable” or “service unavailable.” This may occur where the DNS information has been cached but the resource is not reachable prior to the VPN being up. Such failures may commonly require direct user intervention. In addition, the configuration method may also significantly limit the granularity of the security or require additional configuration by the administrator of the internal network in order to limit reachability after the client devices have sent and received information by way of the tunnel. In other examples, where these additional configurations have been achieved (for example, by assigning different VPN users to different VLANs), these configurations may be per client device or user rather than for a specific application.